Vulnerabilities > Magmi Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-01 | CVE-2020-5777 | Improper Authentication vulnerability in Magmi Project Magmi MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. | 7.5 |
| 2020-09-01 | CVE-2020-5776 | Cross-Site Request Forgery (CSRF) vulnerability in Magmi Project Magmi Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. | 6.8 |
| 2017-04-01 | CVE-2017-7391 | Cross-site Scripting vulnerability in Magmi Project Magmi 0.7.22 A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. | 4.3 |
| 2014-11-13 | CVE-2014-8770 | Code Injection vulnerability in Magmi Project Magmi Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/. | 9.0 |